Oracle OpenWorld CON7844: RESTful Web Services and Oracle Database
RESTful Services & Oracle Database
Oracle RESTful Data Services
Colm Divilly
Consulting Member of Technical Staff
Oracle Database Tools
September, 2014
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
1. Oracle REST Data Services Overview
2. New Features
3. Filtering REST Collections
4. Oracle NoSQL Database Support
5. Securing RESTful Services
Oracle REST Data Services Overview
Declaratively transform database data into JSON and other Web interchange formats, and expose that data over HTTP with strong support for key principles of the REST style.
• Uniform Methods: GET, POST, PUT, DELETE, PATCH
• Hyperlinks As The Engine of Application State (HATEOAS)
• Entity Tags, Conditional Operations, Optimistic Locking
• Secured with Industry Standard protocols: HTTPS, OAuth 2.0
New Features
• New JSON format
  – Based on JSON Schema.
  – All Oracle products converging on same syntax.
• Improved Standalone Mode
  – Uses Jetty instead of Grizzly.
  – HTTPS support.
  – Well Proven
New Features
• Much Improved Install
  – java -jar ords.war sets everything up: db connections, db schema install, launch standalone.
  – Get to fully installed and configured ORDS in minutes.
• Expose tables and views as REST collections with a couple of clicks in SQL Developer.
New Features
• Filter and project within REST collections.
• Protect REST Endpoints with OAuth 2.0 & first party cookie based authentication.
Oracle NoSQL Database Support
• Expose NoSQL Tables as JSON REST Collections
• Supports CRUD operations on tables
• Supports query on tables
• Secure access in same manner as other ORDS REST Services
REST Collection Filtering
• Filter resource collections using a JSON based syntax
• Sub select specific items in the collection
• Project subset of columns in the collection
• Modify ordering of items in the collection
Securing RESTful Services: OAuth 2.0
• OAuth 2.0 is an industry standard protocol for controlling third party access to REST APIs.
• The short version: registered third party apps use an access token to prove they are authorised by a user to access the API on the user's behalf.
Securing RESTful Services: OAuth 2.0
• 3 Steps:
  • Register client application
  • Start Approval Flow, approve access
  • Submit request with access token
Securing RESTful Services: Cookie Auth
• For first party applications only! The first party application MUST reside on the same origin as the REST API, so that the browser's Same Origin Policy applies.
• Third party origins are NOT permitted to use Cookie Auth; we specifically prevent third party origins from using it because of the security risks involved.
• Cookies are ALWAYS sent by the browser; this is what makes web apps susceptible to Cross Site Request Forgery (CSRF) attacks. OAuth access tokens are not sent automatically: the client must explicitly add the token to each request, which prevents CSRF attacks.
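A sketch of the server-side decision this slide describes, added here as an example and not taken from ORDS or the presentation. The API origin, the cookie name `session`, the session and token stores, and the lowercase-keyed request headers are all constructed assumptions; rejecting cookie requests that carry neither an Origin nor a Referer header is a strictness choice made for the example.

```javascript
// Added illustration, not ORDS source. All names and values below are constructed.
const API_ORIGIN = "https://api.example.com";
const SESSIONS = new Map([["s-123", "alice"]]);        // session cookie value -> user
const ACCESS_TOKENS = new Map([["tok-abc", "alice"]]); // OAuth access token -> user

// Origin the browser reports for the page that issued the request, or null.
function requestOrigin(headers) {
  if (headers.origin) return headers.origin === "null" ? null : headers.origin;
  if (!headers.referer) return null;
  try { return new URL(headers.referer).origin; } catch { return null; }
}

// Extract the value of the "session" cookie from a Cookie header.
function sessionIdFromCookie(cookieHeader = "") {
  for (const part of cookieHeader.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === "session") return rest.join("=");
  }
  return null;
}

// Returns { allowed, user, reason } for one request ({ headers } with lowercase keys).
function authorize({ headers }) {
  const auth = headers.authorization || "";
  if (auth.startsWith("Bearer ")) {
    // The client attached the token deliberately; a forged cross-site request
    // cannot make the browser add it, so the caller's origin does not matter.
    const user = ACCESS_TOKENS.get(auth.slice(7));
    return user ? { allowed: true, user, reason: "oauth-token" }
                : { allowed: false, user: null, reason: "invalid-token" };
  }
  const user = SESSIONS.get(sessionIdFromCookie(headers.cookie));
  if (!user) return { allowed: false, user: null, reason: "unauthenticated" };
  // The browser attaches the cookie automatically, including to requests that a
  // third-party page triggers, so cookie auth is honoured only for same origin.
  if (requestOrigin(headers) !== API_ORIGIN) {
    return { allowed: false, user: null, reason: "cookie-from-foreign-origin" };
  }
  return { allowed: true, user, reason: "first-party-cookie" };
}
```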
Oracle REST Data Services
Questions & Answers?